Mobile ransomware known as LeakerLocker threatens to dox the Android users it infects as a means of extortion.
The threat, detected by McAfee’s research team as “Android/Ransom.LeakerLocker.A!Pkg”, concealed itself inside two applications previously available on Google’s official Play Store. The first program was “Booster & Cleaner Pro,” which boasted as many as 5,000 installs and an inflated rating of 4.5/5.0.
Upwards of 10,000 users downloaded the second application, known as “Wallpapers Blur HD.” They gave it an average rating of only 3.6/5.0. No doubt some users’ warnings about the application’s request to make calls, read and send SMS messages, and access contents brought that rating down.
LeakerLocker doesn’t encrypt a user’s files like other Android-based ransomware. Upon successful installation, it locks the home screen and accesses private information in the background. A .dex file allows the threat to modify this behavior in an effort to avoid detection.
But this locker malware doesn’t do all that it says it does. McAfee’s Fernando Ruiz and ZePeng Chen elaborate on that point:
“Not all the private data that the malware claims to access is read or leaked. The ransomware can read a victim’s email address, random contacts, Chrome history, some text messages and calls, pick a picture from the camera, and read some device information…”
Users who believe the attackers actually possess all their information might decide to click the “PROCCEED” button. If they pay the US$50 successfully, LeakerLocker unlocks their device and displays the following message: “our [sic] personal data has been deleted from our servers and your privacy is secured.” And so the bluffers reap their profits.
To discourage this type of fraudulent behavior, it’s important that Android users protect against locker- and encryption-based mobile ransomware, not to mention fake apps that claim to protect them against such threats. They can do all this by downloading apps only from trusted developers on Google’s Play Store.
Android users should also back up their important mobile data on a regular basis and install an anti-virus solution onto their computers.
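The permission mismatch that reviewers of “Wallpapers Blur HD” warned about can also be checked mechanically. The following is an added example, not code from McAfee's report or from this article: it compares the permissions in a decoded AndroidManifest.xml against what the app's category plausibly needs. The category allowances, the description attached to each permission and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: sensitive permission -> the data or action it unlocks.
SENSITIVE = {
    "android.permission.CALL_PHONE": "placing calls",
    "android.permission.READ_SMS": "reading text messages",
    "android.permission.SEND_SMS": "sending text messages",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.GET_ACCOUNTS": "account e-mail addresses",
    "android.permission.READ_EXTERNAL_STORAGE": "stored pictures",
}

# Hypothetical allowances: what each app category may plausibly request.
EXPECTED = {
    "wallpaper": {"android.permission.READ_EXTERNAL_STORAGE"},
    "cleaner": {"android.permission.READ_EXTERNAL_STORAGE"},
}

# Constructed sample manifest (decoded XML), not taken from either real app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return every permission named in <uses-permission*> elements."""
    root = ET.fromstring(manifest_xml)
    return {
        el.get(ANDROID_NS + "name")
        for el in root.iter()
        if el.tag.startswith("uses-permission") and el.get(ANDROID_NS + "name")
    }

def audit(manifest_xml, category):
    """List sensitive permissions that the app category does not justify."""
    allowed = EXPECTED.get(category, set())  # unknown category: allow nothing
    return sorted(
        (perm, SENSITIVE[perm])
        for perm in requested_permissions(manifest_xml)
        if perm in SENSITIVE and perm not in allowed
    )
```

Calling audit(SAMPLE_MANIFEST, "wallpaper") returns the call, SMS and contacts permissions as unexpected for a wallpaper app, while the storage permission passes because the category allows it.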